Generate or Renew CPanel/WHM SSL Certificates

Symptoms:-
1. When connecting to all CPanel/WHM SSL-enabled services (cpanel, WHM, webmail, SMTP, POP, IMAP, etc), you will get a warning of invalid certificate, and have to manually bypass or add exception in order to proceed.
or
2. Cron mails from the server include warnings as follows: "The SSL (Secure Sockets Layer) certificate ..... will expire in less than 30 days."

Solution:-
All managed servers currently use free SSL certificates provided by letsencrypt.org , which require renewal every 3-4 months. To generate and/or renew:-

1. SSH to server

2. vim /etc/crontab , and copy paste the letsencrypt command as follows:-
/root/.local/share/letsencrypt/bin/letsencrypt --text certonly --renew-by-default --webroot --webroot-path /usr/local/apache/htdocs/ -d server-hostname-fqdn
(server-hostname-fqdn is full hostname including domain, e.g. sv1.shoppingnsales.com (or just shoppingnsales.com, depending on how admin/customer normally access cpanel, WHM, webmail, SMTP, POP, IMAP, etc)).

3. The results should be of this sort:-
 
IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/server-hostname-fqdn/fullchain.pem. Your
   cert will expire on 2016-07-31. To obtain a new version of the
   certificate in the future, simply run Let's Encrypt again.
 - If you like Let's Encrypt, please consider supporting our work by:
 
   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

4. Ensure certificate files updated:-
cd /etc/letsencrypt/live/server-hostname-fqdn
ls -l 
lrwxrwxrwx 1 root root   48 May  3 06:29 cert.pem -> ../../archive/server-hostname-fqdn/cert4.pem
lrwxrwxrwx 1 root root   49 May  3 06:29 chain.pem -> ../../archive/server-hostname-fqdn/chain4.pem
lrwxrwxrwx 1 root root   53 May  3 06:29 fullchain.pem -> ../../archive/server-hostname-fqdn/fullchain4.pem
lrwxrwxrwx 1 root root   51 May  3 06:29 privkey.pem -> ../../archive/server-hostname-fqdn/privkey4.pem
(Most importantly, each files' last modified date must be today's date)

5. Go to server WHM --> Manage Service SSL Certificates
Tick each of this option:-
 Calendar, cPanel, WebDisk, Webmail, and WHM Services 
 Dovecot Mail Server 
 Exim (SMTP) Server 
 FTP Server 
- Copy paste the following file contents (from "BEGIN" to "END" lines) into the corresponding fields:-
cert.pem --> Certificate
privkey.pem --> Private Key
chain.pem ---> Certificate Authority Bundle
- Click "Install".

6. After installation completes, when offered to "Restart cpsrvd", click "Proceed".

7. Relogin to WHM: https://server-hostname-fqdn:2087
-
 Verify no more warnings.
- Padlock in URL should be green. Click on it and view certificate details. Verify that the certificate expires 3-4 months from now.
  • 1 brukere syntes dette svaret var til hjelp
Var dette svaret til hjelp?

Relaterte artikler

Where is Neomail?

Neomail support has been discontued in cpanel as the script will soon be obsolete and support...

I lost my Cpanel Password

To retreve Cpanel password first go to http://www.yourdomain.com:2082 (change...

What is the URL to access Webmail?

http://yourdomain.com:2095

What is BoxTrapper Spam Trap in Cpanel undel Mail?

This is a high level spam control system. When ever someone send you an E-Mail. Our system will...

How to access Cpanel

Shared Hosting : http://yourdomain.com:2082 Reseller Hosting :...

Powered by WHMCompleteSolution